Microsoft blames hackers linked to the Russian military for ransomware attacks in Poland and Ukraine

CNN —

Hackers linked to the Russian military were very likely behind ransomware attacks on Ukrainian and Polish transport and logistics companies last month, Microsoft said Thursday.

The revelation will raise concerns in Washington and European capitals that allies supporting Ukraine against the Russian invasion may face greater cyber threats from Moscow.

Poland is a NATO member and a major channel for delivering military aid to Ukraine.

The hacks “damaged transport and logistics companies in Poland and Ukraine,” a Microsoft spokesman told CNN. The amount of damage was unclear. CNN has requested more details from Microsoft.

Microsoft attributes the hacks to a group that the Justice Ministry says works on behalf of Russia’s GRU military intelligence agency and that caused power outages in parts of Ukraine in 2015 and 2016.

One of Ukraine’s top cybersecurity agencies, the state-run Special Communications Service, declined to comment.

It is a rare public example of an alleged Russian war-related hack wreaking havoc in a NATO member country.

During the Russian invasion in February, another suspected Russian hacker wiped data at two Ukrainian government companies with a presence in Latvia and Lithuania, but that was widely viewed by analysts as collateral damage rather than intentional.

NATO Secretary General Jens Stoltenberg said a cyberattack could trigger NATO’s Collective Defense Clause, which requires all members to repel an attack on another member. But that has never happened, and it’s unclear exactly where NATO’s threshold in cyberspace for a response is.

A NATO spokesman did not immediately respond to a request for comment.

The ransomware attacks associated with the GRU signal “an increased risk for organizations that directly deliver or transport humanitarian or military aid to Ukraine,” Microsoft researchers who worked directly with the Ukrainian government to respond to the hacks said in a statement.

The Russian Embassy in Washington, DC, did not respond to a request for comment on Microsoft’s statement. Moscow routinely denies having carried out cyberattacks.

Russian hacker groups conducted a series of cyberattacks on Ukrainian government and corporate networks during the war, sometimes overlapping with Russian military strikes. But the kind of high-impact hack that shuts down power or other critical networks has been largely absent.

Russian hacking played a peripheral rather than central role in the Kremlin’s efforts to dismantle Ukraine’s critical infrastructure, US and Ukrainian officials previously told CNN.